Building Images: Gzip vs Zstd

When you pull (or push) a Docker image from a registry, what really happens behind the scenes? When you request an image, Docker first retrieves a manifest from the registry. This manifest contains crucial information about the image, such as its architecture, configuration, and most importantly, a list of layers (individual file system changes) that need to be downloaded.

By default, Docker checks the manifest for a build that matches your system’s architecture (e.g., linux/amd64). If it finds a match, Docker retrieves a manifest specific to that architecture, which includes the layers that make up the image.

You can see under layers.MediaType, the MIME type of the layer ends in tar+gzip. As you pull the image, Docker downloads these compressed layers and then extracts them into a filesystem on your machine. This is why you see messages like downloading , followed by extracting during the pull process:

When you push an image, Docker will automatically compress the layers with gzip before sending them to the registry. However, the buildx build or depot build commands give us much more control over our build process. We can specify the compression method we want to use while building and pushing using the --output flag.

Leave a Comment